Security
Headlines
HeadlinesLatestCVEs

Tag

#git

Backdoors & Breaches: How Talos is helping humanitarian aid NGOs prepare for cyber attacks

In 2023, Cisco Talos and partners created a special Backdoors & Breaches card deck to help NGOs improve their cybersecurity skills with practical, easy-to-use training tailored to their needs.

TALOS
#web#ios#cisco#git#intel#backdoor#auth#ssl
New JSCEAL Malware Targets Millions via Fake Crypto App Ads

JSCEAL malware targets millions using fake crypto app ads to steal wallets and data. Users urged to stay alert and avoid downloading from untrusted sources.

GHSA-vf2r-cxg9-p7rf: The ADOdb sqlite3 driver allows SQL injection

Improper escaping of a query parameter may allow an attacker to execute arbitrary SQL statements when the code using ADOdb connects to a sqlite3 database and calls the metaColumns(), metaForeignKeys() or metaIndexes() methods with a crafted table name. Note that the indicated Severity corresponds to a worst-case usage scenario, e.g. allowing user-supplied data to be sent as-is to the above-mentioned methods. ### Impact SQLite3 driver. ### Patches Vulnerability is fixed in ADOdb 5.22.10 (https://github.com/ADOdb/ADOdb/commit/5b8bd52cdcffefb4ecded1b399c98cfa516afe03). ### Workarounds Only pass controlled data to metaColumns(), metaForeignKeys() and metaIndexes() method's $table parameter. ### Credits Thanks to Marco Nappi (@mrcnpp) for reporting this vulnerability.

Local Government Cybersecurity: Why Municipal Systems Need Extra Protection

Cybersecurity threats to local governments are part of life in the digital environment in which people live today.…

LegalPwn Attack Tricks GenAI Tools Into Misclassifying Malware as Safe Code

A new security flaw, LegalPwn, exploits a weakness in generative AI tools like GitHub Copilot and ChatGPT, where malicious code is disguised as legal disclaimers. Learn why human oversight is now more critical than ever for AI security.

GHSA-xg8j-j6vp-6h5w: Apache Zeppelin: Missing Origin Validation in WebSockets vulnerability

Missing Origin Validation in WebSockets vulnerability in Apache Zeppelin. The attacker could access the Zeppelin server from another origin without any restriction, and get internal information about paragraphs.  This issue affects Apache Zeppelin: from 0.11.1 before 0.12.0. Users are recommended to upgrade to version 0.12.0, which fixes the issue.

New Attack Uses Windows Shortcut Files to Install REMCOS Backdoor

Security firm Point Wild has exposed a new malware campaign using malicious LNK files to install the REMCOS backdoor. This report details how attackers disguise files to gain full system control.

Google Will Use AI to Guess People’s Ages Based on Search History

Plus: A former top US cyber official loses her new job due to political backlash, Congress is rushing through a bill to censor lawmakers’ personal information online, and more.

Why Cybersecurity Should Be a Board-Level Priority in Every Company – Perspective from Serhii Mikhalap

Cybersecurity is no longer a technical afterthought, thanks to today’s interconnected world. It’s a boardroom imperative. As online…